lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CA+55aFz-7FAcZtkoxs97nAfyxfaOdtp1JUjmaF_ksx5uKqefJA@mail.gmail.com>
Date:   Tue, 28 Nov 2017 10:11:07 -0800
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Joe Perches <joe@...ches.com>
Cc:     "Eric W. Biederman" <ebiederm@...ssion.com>,
        "Tobin C. Harding" <me@...in.cc>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        "Theodore Ts'o" <tytso@....edu>, Kees Cook <keescook@...omium.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Tycho Andersen <tycho@...ho.ws>,
        "Roberts, William C" <william.c.roberts@...el.com>,
        Tejun Heo <tj@...nel.org>,
        Jordan Glover <Golden_Miller83@...tonmail.ch>,
        Greg KH <gregkh@...uxfoundation.org>,
        Petr Mladek <pmladek@...e.com>,
        Ian Campbell <ijc@...lion.org.uk>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <wilal.deacon@....com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Chris Fries <cfries@...gle.com>,
        Dave Weinstein <olorin@...gle.com>,
        Daniel Micay <danielmicay@...il.com>,
        Djalal Harouni <tixxdz@...il.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        KVM list <kvm@...r.kernel.org>,
        "kernel-hardening@...ts.openwall.com" 
        <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH 0/5] add printk specifier %px, unique identifier

On Tue, Nov 28, 2017 at 10:04 AM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> If we really get failures, we can do that.

Anyway, it's pushed out now so people can test whatever workflows they have.

As mentioned, I doubt anybody cares. That file is already conditional
on CONFIG_STACKTRACE, and while that may be something that all distros
do enable, I know that I have run without it and never even realized.

So it's not just that the numbers are different widths on different
architectures (including the "running 32-bit user space x86 on a
64-bit kernel" case), the whole file isn't even always there, and I
can't say that I've ever heard of problems with /proc/<pid>/stack.

So this file almost certainly doesn't matter to begin with, and with
KASLR (which everybody should have anyway) the numerical values are
useless to anybody except for some attacker that wants to get the
kaslr offset.

We've had kasrl for a long time, this is just a (small) part of
actually making it halfway relevant.

               Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ